fipamo/app/Repositories/MemberRepository.php
ro 4337a20fb8
API Improvements #116
API Security has been reworked to check if request is secure, verifies
the API token created on site setup given to every member, and then
confirms the system is accepting API requests by way of the API enabled
toggle in settings

API usage is now only meant for backend use, so this needs to be noted
in the docs
2024-07-17 16:41:11 -06:00

124 lines
3.6 KiB
PHP

<?php
namespace App\Repositories;
use App\Services\Assets\DocService;
use App\Interfaces\MemberRepositoryInterface;
use ReallySimpleJWT\Token;
use Carbon\Carbon;
use function _\find;
use function _\findIndex;
class MemberRepository implements MemberRepositoryInterface
{
protected $folks;
protected $docs;
public function __construct(DocService $docService)
{
$this->docs = $docService;
if (file_exists(env('FOLKS_PATH'))) {
$this->folks = json_decode(file_get_contents(env('FOLKS_PATH')), true);
} else {
$this->folks = json_decode(file_get_contents(env('FIPAMO_INIT') . '/folks-template.json'), true);
}
}
public function getAll()
{
return $this->folks;
}
public function getById($id)
{
$member = find($this->folks, ['id' => $id]);
return $member;
}
public function getByHandle($handle)
{
$member = find($this->folks, ['handle' => $handle]);
return $member;
}
public function delete($id)
{
//delete member stuff
}
public function create($member)
{
//make new member
}
public function update($member)
{
$index = findIndex($this->folks, ['id' => $member->id]);
$this->folks[$index]['handle'] = $member->handle;
$this->folks[$index]['email'] = $member->email;
if (isset($member->avatar)) {
$this->folks[$index]['avatar'] = $member->avatar;
}
$this->folks[$index]['updated'] = Carbon::now();
//save new folks file
$this->docs::writeSettings($this->folks, env('FOLKS_PATH'));
//update session
session()->put('member', $this->folks[$index]);
}
public function auth($request)
{
//suth stuff
$folks = $this->folks;
$found = $this->getByHandle($request->handle);
if ($found) {
if (password_verify($request->password, $found['password'])) {
$member = [
'id' => $found['id'],
'handle' => $found['handle'],
'email' => $found['email'],
'role' => $found['role'],
'avatar' => $found['avatar'],
'key' => $found['key'],
'secret' => $found['secret'],
];
$token = Token::create(
$found['key'],
$found['secret'],
time() + 3600,
'localhost'
); //expires in an hour
$form_token = md5(uniqid(microtime(), true));
$request->session()->put('member', $member);
$request->session()->put('token', $token);
$request->session()->put('form_token', $form_token);
return ['status' => true, 'message' => 'HEY WELCOME BACK'];
//DO SESSION STUFF
} else {
return ['status' => false, 'message' => 'CHECK THAT PASSWORD'];
//RETURN ERROR
}
} else {
return ['status' => false, 'message' => 'CHECK THAT HANDLE'];
}
}
public static function status()
{
if (session('member') !== null) {
if (
Token::validate(session('token'), session('member')['secret']) &&
Token::validateExpiration(session('token'), session('member')['secret'])
) {
return true;
} else {
return false;
}
} else {
return false;
}
}
}